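<?php
session_start();
// include settings and functions
include "../conn/database.php";
include "functions.php";

/*
 * Login handler for the administration area.
 *
 * Input:  POST fields `submit`, `email`, `password`, optional `savepass`.
 * Output: one JSON object, echoed: {"success": "1", "msg": ..., "url": ...}
 *         on success, {"success": "0", "msg": <html error list>} otherwise.
 * Side effects on success: $_SESSION is filled with the person, wedding,
 * interview and event identifiers read below, and the "email"/"password"
 * cookies are set when `savepass` was sent.
 *
 * Depends on helpers from functions.php (clean, check_email, check_password,
 * filter) and on the mysql_* connection opened by ../conn/database.php.
 */
if (isset($_POST['submit'])) {
	// error counter and the accumulated HTML error text returned in "msg"
	$errors = 0;
	$errors_text = '';
	// project helper that filters the raw POST array (see functions.php)
	$post_data = clean($_POST);

	// empty post data verification
	if (empty($_POST['email']) || empty($_POST['password'])) {
		$errors_text .= "Des champs sont vides<br />";
		$errors++;
	}

	// email verification
	if (!check_email($post_data['email'])) {
		$errors_text .= "L'email n'est pas correct<br />";
		$errors++;
	}

	// password verification
	if (!check_password($post_data['password'])) {
		$errors_text .= "Le mot de passe doit ¨ºtre 5 - 20 caract¨¨res<br />";
		$errors++;
	}

	// if no errors we proceed
	if ($errors == 0) {
		// data correction
		$email = strtolower(filter($post_data["email"]));
		// NOTE(review): unsalted MD5 is not a suitable password hash, but the
		// stored T_PERSON.PASSWORD values are MD5 digests, so switching to
		// password_hash()/password_verify() needs a data migration first.
		$password = MD5($post_data["password"]);

		// Every value interpolated into SQL is passed through the driver's
		// escaper: ext/mysql offers no prepared statements, and $email comes
		// straight from the request.
		$sql = "SELECT * FROM `T_PERSON` WHERE EMAIL_ADDRESS = '" . mysql_real_escape_string($email) . "' and PASSWORD = '" . mysql_real_escape_string($password) . "' limit 1";
		$res = mysql_query($sql);
		// a failed query (false) is treated like "no matching user"
		$rows = $res ? mysql_num_rows($res) : 0;
		$result = $rows > 0 ? mysql_fetch_array($res) : false;

		// if user exists and password matches
		if ($rows > 0) {
			// check the role of the user and whether it has been activated;
			// PERSON_SID comes from the database but is escaped all the same
			$sql2 = "SELECT * FROM `R_WEDDINGS_INCHARGE` WHERE PERSON_SID = '" . mysql_real_escape_string($result['PERSON_SID']) . "' and ROLE = '1' limit 1";
			$res2 = mysql_query($sql2);
			$rows2 = $res2 ? mysql_num_rows($res2) : 0;
			$result2 = $rows2 > 0 ? mysql_fetch_array($res2) : false;
			if ($rows2 > 0) {
				if (!$result2['IS_ACTIVATED']) {
					// account exists but the e-mail was never verified
					$errors_text .= "Sorry, please vertificate your email address.<br /><a href=''>send me an vertification email again</a><br />";
					$errors++;
				} else {
					$wedding_id = mysql_real_escape_string($result2['WEDDING_ID']);

					// a fresh session id for the authenticated session, so an id
					// obtained before login cannot be reused afterwards
					session_regenerate_id(true);

					// read the left and right persons
					// NOTE(review): "limit 2" without ORDER BY leaves the
					// left/right assignment to the row order MySQL happens to
					// return — confirm against how the rows are inserted.
					$sql3 = "SELECT * FROM `R_WEDDINGS_PERSONS` WHERE WEDDING_ID = '" . $wedding_id . "' and RELATION_TYPE = '1' limit 2";
					$res3 = mysql_query($sql3);
					$rows3 = $res3 ? mysql_num_rows($res3) : 0;
					if ($rows3 > 0) {
						$left_result3 = mysql_fetch_array($res3);
						$_SESSION['luid'] = $left_result3['PERSON_ID'];
					}
					if ($rows3 > 1) {
						$right_result3 = mysql_fetch_array($res3);
						$_SESSION['ruid'] = $right_result3['PERSON_ID'];
					}

					// read the interview ids; guard the lookup so a missing
					// wedding row yields nulls instead of notices on a false
					$sql4 = "SELECT * FROM `T_WEDDINGS` WHERE WEDDING_ID = '" . $wedding_id . "' limit 1";
					$res4 = mysql_query($sql4);
					$result4 = $res4 ? mysql_fetch_array($res4) : false;

					// read the events, keyed in the session by their INDEX column
					$sql5 = "SELECT * FROM `T_EVENTS` WHERE WEDDING_ID = '" . $wedding_id . "'";
					$res5 = mysql_query($sql5);
					if ($res5) {
						while ($result5 = mysql_fetch_array($res5)) {
							$_SESSION['eid-' . $result5['INDEX']] = $result5['EVENT_ID'];
						}
					}
					$_SESSION['linid'] = $result4 ? $result4['INTERVIEW_ID_LEFT'] : null;
					$_SESSION['rinid'] = $result4 ? $result4['INTERVIEW_ID_RIGHT'] : null;
					$_SESSION['binid'] = $result4 ? $result4['INTERVIEW_ID_BOTH'] : null;

					$_SESSION['guid'] = $result['PERSON_SID'];
					$_SESSION['fname'] = $result['FIRST_NAME'];
					$_SESSION['lname'] = $result['SURNAME'];
					$_SESSION['gender'] = $result['GENDER'];
					$_SESSION['wid'] = $result2['WEDDING_ID'];
					$_SESSION['role'] = $result2['ROLE'];

					// "remember me": !empty() avoids an undefined-index notice
					// when the checkbox was not sent
					if (!empty($post_data['savepass'])) {
						$expire = time() + 7 * 3600 * 24;
						// NOTE(review): the "password" cookie stores the cleartext
						// credential in the browser for a week; a random
						// remember-me token looked up server-side should replace
						// it. Kept here because other pages may read these
						// cookies; httponly is set so at least client-side
						// script cannot read them (path/domain left at default).
						setcookie("email", $post_data['email'], $expire, '', '', false, true);
						setcookie("password", $post_data['password'], $expire, '', '', false, true);
					}
				}
			} else {
				$errors_text .= "Sorry, you have no right to access the administration.<br />";
				$errors++;
			}
		} else {
			$errors_text .= "User not exit or password not correct.<br />";
			$errors++;
		}
	}

	// build the JSON reply; $arr is initialised so the encode never sees an
	// undefined variable
	$arr = array();
	if ($errors == 0) {
		$arr['success'] = "1";
		$arr['msg'] = 'Login success!';
		$arr['url'] = 'bienvenue.php';
	} else {
		$arr['success'] = "0";
		$arr['msg'] = $errors_text;
	}
	echo json_encode($arr);
}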